Package thunderbird: Information

Source package: thunderbird
Version: 91.6.0-alt1
Build time:  Feb 17, 2022, 12:17 PM in the task #295262
Category: Networking/Mail
Report package bug
Gear: https://git.altlinux.org/gears/t/thunderbird.git?a=tree;hb=ebce3…
Home page: https://www.thunderbird.net
License: MPL-2.0
Summary: Thunderbird is Mozilla's e-mail client
Description: 
Thunderbird is Mozilla's next generation e-mail client. Thunderbird makes
emailing safer, faster and easier than ever before and can also scale to meet
the most sophisticated organizational needs.

The package contains Lightning - an integrated calendar for Thunderbird.
List of rpms provided by this srpm:
rpm-build-thunderbird (x86_64, ppc64le, i586, aarch64)
thunderbird (x86_64, ppc64le, i586, aarch64)
thunderbird-wayland (x86_64, ppc64le, i586, aarch64)
Maintainer: Andrey Cherepanov
List of contributors:
Pavel Vasenkov
Andrey Cherepanov
Aleksei Nikiforov
Gleb Fotengauer-Malinovskiy
Paul Wolneykien
Anton Farygin
Vladimir Didenko
Alexey Gladkov
Alexey Morozov
    1. doxygen
    2. libgtk+3-devel >= 3.14
    3. libproxy-devel
    4. libhunspell-devel
    5. /proc
    6. libX11-devel
    7. /dev/shm
    8. libXScrnSaver-devel
    9. libjpeg-devel
    10. libXcomposite-devel
    11. libXcursor-devel
    12. imake
    13. libXdamage-devel
    14. python3-base
    15. libpulseaudio-devel
    16. libXext-devel
    17. libvpx-devel
    18. libXft-devel
    19. libXi-devel
    20. libXt-devel
    21. python3-module-pip
    22. libcurl-devel
    23. libalsa-devel
    24. libwireless-devel
    25. python3-module-setuptools
    26. libdbus-glib-devel
    27. python3-modules-sqlite3
    28. libxkbcommon-devel
    29. gcc-c++
    30. libdrm-devel
    31. lld12.0-devel
    32. llvm12.0-devel
    33. libevent-devel
    34. makedepend
    35. libffi-devel
    36. rust
    37. rust-cargo
    38. libstartup-notification-devel
    39. libstdc++-devel
    40. rpm-build-mozilla.org
    41. mozilla-common-devel
    42. alternatives
    43. nasm
    44. autoconf_2.13
    45. autoconf_2.13
    46. node
    47. libnotify-devel
    48. libnspr-devel
    49. libnss-devel
    50. libnss-devel-static
    51. browser-plugins-npapi-devel
    52. bzlib-devel
    53. chrpath
    54. clang12.0-devel
    55. libopus-devel
    56. libotr-devel
    57. unzip
    58. gst-plugins1.0-devel
    59. libIDL-devel
    60. xorg-cf-files
    61. libpixman-devel
    62. libGL-devel
    63. yasm
    64. zip

Last changed

Feb. 12, 2022 Pavel Vasenkov 91.6.0-alt1
- New version.
- Security fixes:
  + CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
  + CVE-2022-22754 Extensions could have bypassed permission confirmation during update
  + CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
  + CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
  + CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
  + CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
  + CVE-2022-22763 Script Execution during invalid object state
  + CVE-2022-22764 Memory safety bugs fixed in Thunderbird 91.6
Jan. 25, 2022 Pavel Vasenkov 91.5.1-alt1
- New version.
Jan. 12, 2022 Andrey Cherepanov 91.5.0-alt1
- New version.
- Security fixes:
  + CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof
  + CVE-2022-22743 Browser window spoof using fullscreen mode
  + CVE-2022-22742 Out-of-bounds memory access when inserting text in edit mode
  + CVE-2022-22741 Browser window spoof using fullscreen mode
  + CVE-2022-22740 Use-after-free of ChannelEventQueue::mOwner
  + CVE-2022-22738 Heap-buffer-overflow in blendGaussianBlur
  + CVE-2022-22737 Race condition when playing audio files
  + CVE-2021-4140 Iframe sandbox bypass with XSLT
  + CVE-2022-22748 Spoofed origin on external protocol launch dialog
  + CVE-2022-22745 Leaking cross-origin URLs through securitypolicyviolation event
  + CVE-2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
  + CVE-2022-22747 Crash when handling empty pkcs7 sequence
  + CVE-2022-22739 Missing throttling on external protocol launch dialog
  + CVE-2022-22751 Memory safety bugs fixed in Thunderbird 91.5
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top